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1 )^ Responsive to communication(s) filed on 24 October 2007 . 
2a )□ This action is FINAL. 2b)|3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
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4) ^ Claim(s) 5. 7-12 and 43-50 is/are pending in the application. 
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5) n Claim(s) is/are allowed. 

6) IEI Claim(s) 5.7-12 and 43-50 is/are rejected. 
/)□ Claim(s) is/are objected to. 

8) 0 Claim(s) are subject to restriction and/or election requirement. 
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DETAILED ACTION 
Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR 1.1 14, including the fee set forth in 
37 CFR 1 .17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.1 14, and the fee set forth in 37 CFR 1.17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.1 14. Applicant's submission filed on 10/24/2007 has been entered. 

Statiis of Claims 

As per the amendment submitted on October 24, 2007, claims 5, 7-10, 43, 45, 47 and 48 
have been amended. Thus, claims 5, 7-12 and 43-50 remain pending. 

Response to Amendment 

Above recited amended claims rejected under 35 U.S.C. 1 12, first paragraph, as failing to 
comply with the written description requirement. The claim(s) contains subject matter which 
was not described in the specification in such a way as to reasonably convey to one skilled in the 
relevant art that the inventor(s), at the time the application was filed, had possession of the 
claimed invention. The amendments refer to "editing each of said executable commands such 
that said executable commands will not be executed by the network server (response p. 5)" The 
Examiner has reviewed the disclosure but has not been able to find support for such 
amendments. 

Response to Arguments 

AppHcant's arguments with respect to amended claims have been considered but are moot 
in view of the new ground(s) of rejection. 



Application/Control Number: 1 0/82 1 ,379 
Art Unit: 3621 



Page 3 



Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the im ention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the stibject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 5, 7-12 and 43-50 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Guheen et al. (hereinafter Guheen), US 6,473,794 Bl in view of Green et al. 
(hereinafter Green), US 5,913,024. 

Claims 5-12 

5. Guheen discloses a method for protecting a network server from being used as the basis 
of an attack on a network client, the method comprising (column 43, lines 34-67; column 248, 
lines 38-45) and restricting access to said network server to a portion of said network server for 
at least a selected protocol (column 17, directory services; column 276, line 34-277, line 24). 
Guheen does not explicitly disclose scanning said portion of said network server for particular 
characters, said particular characters being associated with said selected protocol and removing 
said particular characters such that a security risk posed by said selected protocol is reduced. 

Green, however, discloses a commerce server security system wherein attackers or 
external users are prevented from subverting the server and uploading an executable file (column 
29, line 3 - column 30, line 43). Therefore, it would have been obvious to one of ordinary skill 
in the art at the time of the invention to modify Guheen's network security system to include 
processes and data objects wherein regions of internal and external burbs associated with a 
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trusted commerce server can prevent harmful or unwanted characters to infiltrate and 
compromise a network, as per teaching of Green (column 5, line 52-colunm 7, line 55). 

7. Guheen further discloses the method of claim 5, further comprising replacing particular 
characters within said executable commands (column 272, line 30-column 259, line 30). 

8. Guheen fiirther discloses the method of claim 5, wherein said executable commands include 
particular characters and said characters are hostile characters and wherein if a request contains 
any of said hostile characters, the request is rejected (column 273, lines 16-34; column 280, lines 
19-39). 

9. Guheen further discloses the method of claim 5, further comprising logging said executable 
commands to form a security log (column 266, lines 12-21, column 268, lines 20-36, column 
286, lines 13-58). 

10. Guheen further discloses the method of claim 9, fiirther comprising reviewing said security 
log to determine whether said executable commands are hostile (column 43, line 34-column 44, 
line 8). 

1 1 . Guheen fiirther discloses the method of claim 5, wherein said protection of the network 
server is accomplished during an electronic purchase transaction (column 251, lines 34-36). 
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12. Guheen further discloses the method of claim 11, wherein the electronic purchase transaction 
is conducted using a digital wallet (colunm 17, Java wallet; column 261, lines 30-53). 

Claims 43-50 

43. Guheen discloses a computer- implemented method for protecting a network server from 
being used as the basis of an attack on a network client, the method comprising: a. receiving a 
request for a connection at said server from said network client (figure 87, 2613; receiving user 
indicia); d. verifying that any response from said network server to said network client is void of 
said particular characters (fig 88, 2700; allowing browser-based authentication with user 
verification data); and e. providing said response from said network server to said network client 
(fig 88, 2702; granting access to at least one of application and system data based on the user 
verification data). 

Guheen does not explicitly disclose scanning said portion of said network server for 
particular characters, said particular characters being associated with said selected protocol and 
removing said particular characters such that a security risk posed by said selected protocol is 
reduced. 

Green, however, discloses a commerce server security system wherein attackers or 
external users are prevented from subverting the server and uploading an executable file (column 
29, line 3 - column 30, line 43). Therefore, it would have been obvious to one of ordinary skill 
in the art at the time of the invention to modify Guheen's network security system to include 
processes and data objects wherein regions of internal and external burbs associated with a 
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trusted commerce server can prevent harmful or unwanted characters to infiltrate and 
compromise a network, as per teaching of Green (column 5, line 52-colunm 7, line 55). 

44. Guheen further discloses the method of claim 43 further comprising restricting access to said 
network server for said protocol to said portion of said network server (column 17, directory 
services; column 276, line 34-277, line 24). 

45. Guheen further discloses the method of claim 43 further comprising replacing particular 
characters within said executable commands with benign (column 272, line 30-column 259, line 
30). 

46. Guheen further discloses the method of claim 43 wherein said protocol comprises JavaScript 
(column 34, lines 10-60). 

47. Guheen further discloses the method of claim 43 further comprising logging said executable 
commands to form a security log (column 266, lines 12-21, column 268, lines 20-36, column 
286, lines 13-58). 

48. Guheen further discloses the method of claim 47 further comprising reviewing said security 
log to determine whether said executable commands are hostile (column 273, lines 16-34; 
column 280, lines 19-39). 
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49. Guheen further discloses the method of claim 47 wherein said protection of the network 
server is accomplished during an electronic purchase transaction (column 25 1, lines 34-36). 

50. Guheen further discloses the method of claim 49 wherein the electronic purchase transaction 
is conducted using a digital wallet (column 17, Java wallet, and column 261, lines 30-53). 

Examiner has pointed out particular references contained in the prior arts of record in 
the body of this action for the convenience of the applicant. Although the specified citations 
are representative of the teachings in the art and are applied to the specific limitations within 
the individual claim, other passages and figures may apply as well. It is respectfully requested 
from the applicant, in preparing the response, to consider fully the entire references as 
potentially teaching all or part of the claimed invention, as well as the context of the passage 
as taught by the prior arts or disclosed by the examiner. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Bradley Bayat whose telephone number is 571-272-6704. The 
examiner can normally be reached on Tuesday-Friday 8 a.m. - 6:30 p.m.. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew Fischer can be reached on 571-272-6779. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Bradley Bayat/ 

Primary Examiner, Art Unit 3621 



